What Makes a Good Tip?
A strong news tip will have several components. Documentation or evidence is essential. Speculating or having a hunch does not rise to the level of a tip. A good news tip should articulate a clear and understandable issue or problem with real-world consequences. Be specific. Finally, a news tip should be newsworthy. While we agree it is unfair that your neighbor is stealing cable, we would not write a story about it.
Examples of good tips include:
Here is evidence that this government representative is breaking the law.
Here is proof that this company is conducting itself unethically.
We will be reviewing messages regularly, but cannot promise each will receive an individual response. There are multiple ways to submit tips. Each method provides different levels of protection, so we encourage you to be certain of the pros and cons of the method you choose. We will respond to tips using the same method in which they were submitted. For example, if you submit a tip to us with WhatsApp, we will only respond to you using WhatsApp.
WhatsApp is a free messaging app owned by Facebook that allows full end-to-end encryption for its service. Only the sender and recipient can read messages, photos, videos, voice messages, documents and calls. Though you can limit some account information shared to Facebook, WhatsApp still keeps records of the phone numbers involved in the exchange and the users’ metadata, including timestamps on messages.
Signal
The free and open source messaging app offers end-to-end encryption to send messages, photos, video and calls. Signal retains only your phone number, when you first registered with the service and when you were last active. No metadata surrounding communications is retained. The app also allows messages to self-destruct, removing them from the recipient’s and sender’s phones (once it’s been seen) after a set amount of time.
You may send us encrypted or unencrypted emails. Pretty Good Privacy (PGP) is an encryption software that allows you to send encrypted emails and documents. Mailvelope is a browser extension for Chrome and Firefox that makes it easy to use PGP. The extension will only encrypt the contents of the email you’re sending. Mailvelope will not encrypt metadata such as sender, recipient, subject or information about when the email was sent. This metadata will be available to your email provider.
Email: tips@nytimes.com
Mail delivered through the postal service is another secure means of communication. We recommend that you use a public mailbox, not a post office.
Address:
Tips
The New York Times
620 8th Avenue
New York, N.Y. 10018
SecureDrop
This encrypted submission system set up by The Times uses the Tor anonymity software to protect your identity, location and the information you send us. We do not ask for or require any identifiable information, nor do we track or log information surrounding our communication.
We strongly recommend that tips be sent using a public Wi-Fi network, and that the computer you use is free of malware. If the computer is compromised, communications using SecureDrop may be compromised as well. The steps below outline best practices for use of SecureDrop, as well as the steps that we take to protect your privacy.
- Download and install the Tor browser from https://www.torproject.org. The Tor browser allows access to our SecureDrop page, which operates as a Tor “hidden service.”
- Open the Tor browser and wait for the page that says a connection has been established, then copy and paste the following into the address bar: nytimes2tsqtnxek.onion
- Follow the instructions to send us information. Users will be given a codename that can be used to log back in and check for responses from Times reporters.
- For added security, consider using the Tails operating system instead of the Tor Browser.
Privacy Information
The SecureDrop servers are under the physical control of The New York Times.
The information you send us is stored on our SecureDrop servers in an encrypted format. Before distributing your submission to reporters, we will decrypt your submission on a computer that has never been connected to the internet and remove any metadata associated with it. After it has been stripped of metadata, and, if possible, known source information, tips and submitted documents will be accessible to our editors and reporters. We will not know the source of tips submitted through SecureDrop: If your name or other identifiers are included in the tip itself, it may not be redacted from the information we share with the reporters. If this is a serious concern, we encourage you not to include identifying information within your submission.
If you wish to log back in to check for responses from The Times, we recommend that you delete each message as soon as you have read it. The message will then also be securely deleted from our servers.
SecureDrop is regularly audited by independent security experts. Like all software, it could have security bugs that are exploitable. Ultimately, you use the service at your own risk.